Sharyl Attkisson claims to have evidence, but she isn't sharing it all.

Share this story

Sharyl Attkisson was hacked. The computers used by the former CBS News investigative reporter were found to have been remotely accessed and tampered with, according to both a CBS-hired forensics expert and a reputable information security firm that did an analysis commissioned by Attkisson herself. Those are the facts as we know them.

Currently, that’s where the facts end and the allegations begin. Attkisson, whose book Stonewalled: My Fight for Truth Against the Forces of Obstruction, Intimidation and Harassment in Obama’s Washington was released this week, claims to have evidence that she was hacked by someone working for the government. She says the digital intrusion was part of a campaign to get her to stop pursuing stories critical of the Obama administration. [Attkisson, in a follow-up e-mail, clarifies: "I theorize the digital intrusion was an attempt to surreptitiously monitor my work to see who was talking to me and how much I knew on various stories."]

Attkisson is confident in her story, but others aren't so sure. Some aspects of her account don’t resonate well with many of the people in the security field that Ars has spoken to [including Robert Graham of Errata Security, who posted an analysis of Attkisson's claims on his blog, and dozens of others I spoke with both via public Twitter conversations and in person. David Ottenheimer of Flyingpenguin, Jeremi Gosney of Stricture Group and Sagitta Systems are also on the record here, and a few others—the majority of them politically opposed to the Obama administration—have declined to be named because they would rather not get "thrown into that hornet's nest," as one said.] Certain details of Attkisson's sound like they’re right out of a bad hacker movie or some episode of a CBS drama.

In the hope of getting some clarity about what did and what did not happen to Attkisson’s computers and other aspects of her digital life, Ars interviewed the reporter directly. We talked on the phone, and Attkisson provided an advance copy of her book. Perhaps, we thought, we could get past the largely partisan back-and-forth over her accusations and independently assess the relevant claims—that because of Attkisson's views against the current administration, she was a target for government-directed surveillance and intimidation.

Frustratingly, things are not that simple. While Attkisson stands by the reporting she did to back up this tale of federal spy games, independent verification of her claims is currently impossible for a variety of reasons. So for now, Attkisson’s story rests on trust of her journalistic integrity and her sourcing—at least until she can publicly share the evidence that she and a private information security company are sitting on.

It's important to note that the lack of independently verifiable evidence doesn’t mean she is a crackpot. Given the other context of Attkisson’s story, it’s a perfectly reasonable assumption to believe that someone with government connections was messing with her computers. But while she has a reputation as a tenacious investigative journalist, Attkisson's current story becomes more difficult to believe because of one simple fact.

Technically speaking, it often reads like she has no idea what she’s talking about.

The inexpert witness

Attkisson struggles with the technical content just as her colleagues in the mainstream television news business as a whole have struggled (and sometimes failed spectacularly) before her. With a cast of mysterious sources and a jumble of technical terminology that complicates rather than clarifies, Attkisson has a hard time in her retelling of her trip down the cyber rabbit hole without sounding like she’s shouting “What’s the frequency, Kenneth?”

She knows it, too. Attkisson admitted she was uneasy about talking to Ars because she was afraid of coming off like an idiot to a more technical audience than her usual base—people who are political geeks, not technical ones. At the end of our conversation, she made a simple request: “Please don’t make this a tinfoil hat article.”

[Sharyl Attkisson comments, "Regarding your reference to my “tin foil hat” request, could you please add the context that you were first to raise the phrase earlier in the conversation? I don’t typically use the phrase, and I didn’t raise it out of the blue, and I think it helps to know that. Otherwise it seems a bit misleading as if that is somehow my general mindset." The phrase was used in reference to the response to her allegations in conversations with security professionals and other sources.]

To be fair, Attkisson’s writing on the technical details of her ordeal are a notch better than what usually results when mainstream media journalism and technology collide. This year has been replete with the train wrecks that usually follow that collision. Recent cable and network news coverage of issues like Heartbleed, Shellshock, and the celebrity photo hack known as “the Fappening” demonstrated that TV news is ill-equipped to deal with modern technology, an increasingly important part of people’s daily lives. Mainstream news appears unable to cover this beat in a way that doesn’t end up distorting information to the point where the reporting is useless—or even harmful—to the public interest.

Attkisson acknowledged that technology is a topic that causes TV news organizations to fall flat on their faces with regularity (and, she added, the same goes for economics). “They’re not in our wheelhouse,” she explained. “I may be a hair better than some, but we’re all very poorly informed about all of this. I hate to say we’re lazy, but it’s hard to learn about a whole industry in a few hours or a day. It’s not something you can be a quick study on.”

Apparently, few television journalists spend enough time covering technology to build any sort of understanding of the field, because tech and security stories are a hard sell to begin with. “It’s hard to visualize, so in television news it’s considered sort of boring,” Attkisson said. “There’s the idea that the public won’t be interested or stay interested. And the story has to be simple—and that’s just not possible [with technology]."

So while Attkisson and others in her field spend much of their careers developing sources in government, for example, they are left short-handed when trying to find an expert source on security. Many of Attkisson’s sources in the book are people she encountered largely because she lives in Northern Virginia, among denizens of the government-cyber-military-industrial complex. And while these sources may be “excellent,” as Attkisson contended during our interview, her recounting of what they tell her is often jarring to anyone who’s familiar with technology. She is her own worst witness.

Share this story

Sean Gallagher
Sean is Ars Technica's IT and National Security Editor. A former Navy officer, systems administrator, and network systems integrator with 20 years of IT journalism experience, he lives and works in Baltimore, Maryland. Emailsean.gallagher@arstechnica.com//Twitter@thepacketrat

284 Reader Comments

Aurich, I've said it before and I'll say it again; whatever inspires you some days, please be so kind as to share what it is with the rest of us. That article pic is *fantastic*, man. Bleedin' brilliant.

I read some pretty vocal anti-administration Libertarian/Conservative blogs... and there are doubts as to the veracity of Atkinsson's claims raised there regularly. And that bunch is fairly uncritical when it comes to believing Bad Things about the Obama White House. So, safe to say, I personally have reservations.

Edit: And whether or not it was somebody in the government responsible, she sure is going to sell the hell out her book. Just sayin'.

I can definitely believe somebody was intruding on her computer. I doubt it was the government, unless they let interns at the NSA set up internet surveillance now. State-sponsored actors in the malware/espionage business are way too good at what they do to be noticed by someone like this reporter, who readily admits to a lack of technical expertise.

A sort of backdoor link that leads to an ISP address for a government computer that can’t be accessed by the general public on the Web. It’s an undeniable link to the US Government. Don says the importance of this link can’t be underestimated… ”Let me put it this way,” he tells me. “This ISP address is better evidence of the government being in your computer than the government had when it accused China of hacking into computers in the US.”

A lot of this could be explained just as well by some jerk with a RAT looking for pics. Files exfiltrated off? Could be targeted, could be anyone fishing. I don't doubt that the computer was hit by something, that's common enough.

Assuming the part I quoted really refers to an IP address and not an "ISP address", maybe it would be a good start to release that address? The evidence of the link to that address would also be useful.

If she was hacked, and nothing here convinces that me was, I do not believe it was by government.

Whether the Word doc deletion or the whole thing with her FiOS service were hacking is clearly debatable. All we know for sure is that CBS said her Toshiba laptop was hacked. And that's all I say with any certainty, Peter.

I can definitely believe somebody was intruding on her computer. I doubt it was the government, unless they let interns at the NSA set up internet surveillance now. State-sponsored actors in the malware/espionage business are way too good at what they do to be noticed by someone like this reporter, who readily admits to a lack of technical expertise.

It's not beyond reason that a government entity could utilize an existing backdoor to operate through. The presence of other malware does not preclude her claims. The presence of other bad actors does not preclude the presence of the one she claims. That she was possibly being hit with a RAT operated by multiple groups does not itself preclude any particular group. The originator of the malware need not be it's sole benefactor.

She was an journalist with inside sources in government, there has to be a mighty long list of interested parties. That one was government (or more other governments) is not unreasonable.

This caught my attention. Just hypothesizing here, but if she uses a wireless telephone there is a good chance that it operates on the same 2.4GHz frequency as her wifi. I used to have my wifi cut out when the phone rang due to the interference.

Ha! Good point. Realistically, there is no governmental agency that specializes in data exfiltration that would put together such an embarrassing campaign. Looks like some kind of garden variety malware, maybe combined with a late night watching Enemy of the State?

Incidentally, it should be noted that Sharyl Attkisson has changed her story about the hack. Whereas she originally claimed in her book that she knows exactly who "hacked" her machine based on her sources. But, as recently as two days ago, she has conceded that she has no idea who did anything to her machines, only claiming a vague "government tie."

Did anyone see where her machines were wiped after an infection was found? I sure didn't. Once your machine has been compromised you can no longer trust it. You need to nuke and pave to get back to a clean machine. For everything you found there can be many more that you did not find.

Fortunately I'm not in a position where having access to what's on my machine would justify the government attempting to access my machine, but if I was you can be pretty sure I'd be booting my OS from an optical disk to ensure a clean environment on every boot. Security isn't convenient.

This caught my attention. Just hypothesizing here, but if she uses a wireless telephone there is a good chance that it operates on the same 2.4GHz frequency as her wifi. I used to have my wifi cut out when the phone rang due to the interference.

This is because 802.11b and the 2.4GHz frequency used by cordless phones have some overlap. The first 3 channels of wifi are adjacent to the same frequencies used by cordless phones. There can be some crosstalk and attenuation because of it. That's why you want to be on a larger channel than that. Also why on Wifi, channels 5 and 6 (and 6 and 7, and...) can interfere with each other due to similar frequencies.

Omg... that description of hers had my eyes rolling. Please. Remote graphic control from an ISP. WTF does that mean? That makes about as much sense as the phrase "Lets write a VB script to trace the GUI to find the bad guy".

She has no friggen idea what she is looking at. And no competent hacker would do what she is claiming. Sounds like routine malware to me.

Personally a little skeptical it happened, and if it did in all probability it wasn't by the federal government, although we've seen with the IRS that government peons are more than willing to act on grudges, but I doubt there's some executive order out there from Obama saying, 'you know that lady, ol' what's-her-name, the CBS journalist who's not a big fan, we should hack her because that will accomplish sooooo much for my administration, which is of course completely free of other problems that need fixing.'

Edit: I do see a screenplay about this being forthcoming since they don't have to hire a Hollywood PR person to make up the techno babble of what's going on.

I'd had a laugh about the "Word hacking" video with friends on another site, without the context of the article. Why would someone allow someone to destroy their file, while capturing video in portrait, which doesn't show whether or not anything was plugged into the USB ports, with only a quick flash to the trackpad?

We'd guessed that she was only trying to draw attention to herself, while painting the Obama administration as a shadowy, evil corporation bent on punishing journalists critical of it.

30% of US computers have malware of some type, yet she's gung ho on the government doing it. She even admits (if I read correctly) she clicked on a random email attachment? Some hefty accusations with no proof provided and changing stories, and the great journalistic catch-all "anonymous" reviews of her laptop "prove" it.

Sounds to me like typical malware she's made into a "the government hacked me!" story. Quite an interesting way to drum up book sales.

If she wanted to be taken seriously, she shouldn't have let the "first analysis" "destroy" the "evidence". As the article points out, it somewhat poisons any analysis that comes after that. I'm unconvinced that she's being specifically targeted by anyone, and think the most likely answer is that she has some malware she picked up from somewhere, just as all non-technical users do from time to time. By her own admission she isn't a highly skilled user.

commercial, non-attributable spyware that was proprietary to a government agency.

That's the part that makes me extremely doubtful of her "tech's" abilities. Commercial government agency spyware doesn't exactly exist. They have a number of zero days, of course, that are used in different ways. They certainly don't make a habit of commercializing them, in a "non-attributable" fashion! They keep them closely held, using them with discretion, usually. Leaving that aside, the statement is internally contradictory. It's either non-attributable, OR "proprietary to a government agency". If the former, then it is from unknown actors. If the latter, well then it can't be the former! Hell, if it's the latter, it'd be HUGE news that they were commercializing it to boot!

I mean, sure, it's conceivable that the government is "hacking" her stuff. It sure doesn't sound as though she has anything close to a grasp of the technology, though, and one has to wonder who the hell she met at a McDonald's for a tech consult.

Ars are you going to report on the evidence now released that they have been spying on lawyers in cases involving themselves. Also I think you can change the headline to 'probably'.

Unless that evidence involves them spying in a completely incompetent manner strangely similar to random malware, I'm gonna stick with "probably not".

While the recent disclosures about government spying have shown that it's pervasive, they've also shown that it's competent - the very fact that the Snowden leaks came as a surprise shows that the NSA et al are actually pretty good at their nefarious work, and at keeping it under wraps. They're the government, they don't have to get you to download a RAT through a malicious email attachment. They don't even need to hack your machine directly. They can just go to your ISP, order them to provide a copy of all your traffic, and tell the ISP that if they reveal any of this, they'll be fined more money than has ever existed.

The screen sharing thing... THATS what has me. Why would a government hacker do, well, THAT. it makes no sense to me there are easier ways into her computer that don't leave it so visible.

Agreed. However, I can see another more likely scenario. Someone within the administration has a beef with the reporter and has a political motivation to monitor what she knows, who her sources are, etc, etc. It's not like they can call up the NSA and place an order for surveillance the way you would for a pizza. So, this individual, or small group, who knows almost nothing about surveillance or technology contracts out to a smooth talker that baffles them with BS. All on the down low with no accountability and no obvious connection to the administration. The script kiddie who normally lives in 4chan then goes hog wild with a slew of ham-fisted "hacks" that you see here.